We claim:

1. A distributed security system comprising: 

a security policy written in a security policy language; and 
at least one computer device that processes data in accordance with the security
policy.

2. The distributed security system of claim 1, wherein: 

the security policy identifies components of the security system. 

3. The distributed security system of claim 1, wherein: 

the security policy identifies access rights of the security system. 

4. The distributed security system of claim 1, wherein: 

the security policy language comprises the extensible markup language. 

5. The distributed security system of claim 1, wherein: 

the security policy is configurable. 

6. The distributed security system of claim 1, wherein: 

the security policy language comprises at least some logic-based components. 

7. The distributed security system of claim 1, wherein: 

the security policy language comprises at least some rule-based components. 

8. The distributed security system of claim 1, wherein: 

the security policy language comprises procedural components. 

9. The distributed security system of claim 1, wherein the computer device is 
configured with computer-executable instructions to: 






Patent Application 



Atty. Docket No.: 03797.00212 
Client No. 196119.1 



receive from a first entity a message formatted in a first protocol; and
transmit to a second entity the message formatted in a second protocol that is
different from the first protocol.

10. The distributed security system of claim 9, wherein the computer device is 
configured with computer-executable instructions to: 

receive from a first entity a message transported with a first transport; and
transmit to the second entity the message using a second transport that is
different from the first transport.

11. The distributed security system of claim 1, wherein the security policy is
implemented with at least one application programming interface. 

12. The distributed security system of claim 1, wherein the security language 
includes programming language constructs. 

13. The distributed security system of claim 1, wherein the security policy includes 
an identity service. 

14. The distributed security system of claim 1, wherein the security policy includes 
an admission service. 

15. The distributed security system of claim 1, wherein the security policy includes 
a permission service. 

16. The distributed security system of claim 1, wherein the security policy includes 
a revocation service. 

17. The distributed security system of claim 1, wherein the security policy includes a 
mapping of entities to rights. 
18. The distributed security system of claim 17, wherein the security policy further
includes a mapping of entities to capabilities. 

19. The distributed security system of claim 1, wherein the security policy is 
configured to invoke external computer-readable instructions. 

20. The distributed security system of claim 19, wherein the external
computer-readable instructions comprise native processor code.

21. The distributed security system of claim 19, wherein the external
computer-readable instructions comprise Java code.

22. A method of delegating security credentials, the method including: 

providing to a second party a first license issued to a first party; and 
providing to the second party a second license that allows the second party to 
use the first license. 

23. The method of claim 22, wherein the second license is issued by the first party. 

24. The method of claim 22, wherein the second license includes conditions on the 
use of the first license. 

25. A method of transmitting a message between a first party and a second party, the 
method including: 

receiving from the first party a message addressed to the second party,
wherein the message is transported with a first transport and formatted in accordance 
with a first protocol; 

determining a transport and protocol required by the second party from a
security policy; and 
transmitting the message to the second party using the transport and protocol
required by the second party. 

26. A method of transmitting a secure message between a first party and a second 
party, the method including: 

formatting the message with a markup language; and 
inserting a security credential into a header of the message. 

27. The method of claim 26, wherein the markup language comprises the extensible 
markup language. 

28. The method of claim 26, wherein the security credential comprises a license. 

29. The method of claim 26, wherein the security credential comprises a key. 

30. A method of defining a security arrangement between entities of a distributed 
computing system, the method including: 

identifying a portion of a first security policy written in a first security policy
language; 

identifying a portion of a second security policy written in a second security 
policy language; and 

processing data in accordance with the portion of the first security policy and
the portion of the second security policy.

31. The method of claim 30, further including exchanging messages between the
entities to negotiate on the identification of the portion of the first security policy and 
the portion of the second security policy. 

32. The method of claim 30, wherein the first security policy language is the same as 
the second security policy language. 